• They did this before with the elliptic curve cryptography, and we knew it had this problem before it was implemented as a standard.

    So if the NSA offers a standard, don’t trust it and include in your encryption software the option to use something different.

    • kraniax

      do you happen to have any links? I’d like to read more about this.

      • Uriel238 [all pronouns]@lemmy.blahaj.zone

        It was a big deal in the early 2010s so easy to web search. Techdirt had a lot of posts on it, so you might be able to search them for key words like elliptic, encryption, NSA, NIST, etc.

        Also at the same time, NSA was wooing penetration testers to sell them zero-day vulnerabilities rather than reporting them to appropriate public forums or software developers. Around this time large companies liked to sue white-hats for CFAA violations rather than paying the bounties for discovered vulnerabilities, deflecting said hats towards gray- and black- activities. Some would sell these vulnerabilities to other non-NSA interests, leading to ransomware epidemics and other fun hacker shenanigans.

        It’s a good time to be a hacker without scruples, especially since the NSA is continuing its surveillance efforts rather than securing communications of the free world. (The latter is – was? – the mission of the NSA in the 20th century.)